Feeds

IPv6 intro creates spam-filtering nightmare

Blacklist extinction looms

Securing Web Applications Made Simple and Scalable

The migration towards IPv6, which has been made necessary by the expansion of the internet, will make it harder to filter spam messages, service providers warn.

The current internet protocol, IPv4, has a limited address space which is reaching exhaustion* thanks to the fast uptake of internet technology in populous countries such as India and China and the more widespread use of smartphones. IPv6 promises 3.4 x 1038 addresses compared to the paltry 4.3 billion (4.3 x 109) addresses offered by IPv4.

While this expansion allows far more devices to have a unique internet address, it creates a host of problems for security service providers, who have long used databases of known bad IP addresses to maintain blacklists of junk mail cesspools. Spam-filtering technology typically uses these blacklists as one (key component) in a multi-stage junk mail filtering process that also involves examining message contents.

"The primary method for stopping the majority of spam used by email providers is to track bad IP addresses sending email and block them – a process known as IP blacklisting," explained Stuart Paton, a senior solutions architect at spam-filtering outfit Cloudmark. "With IPv6 this technique will no longer be possible and could mean that email systems would quickly become overloaded if new approaches are not developed to address this."

Other security technologies also track IP addresses for various purposes, including filtering out sources of denial of service attacks, click fraud and search engine manipulation. Tracking a vastly expanded IP address space will make life much harder for network defenders, Paton warns.

"As an example, the address space is so large that it would be easy for spammers to use a single IP address just once to send a single email," he said.

The information security industry and ISPs need to collaborate on working out how to resolve the problem in order to make sure inboxes are not flooded with more junk mail thanks to the introduction of the new internet-address protocol. In the meantime, Cloudmark suggests interim restriction might need to be applied to preserve existing systems.

"Cloudmark advocates that ISPs do not initially need to be able to receive mail from IPv6 addresses (on inbound) except from their own customers (known as outbound)," Paton explained. "This would ensure business continuity for ISPs and provisioning of ADSL/Cable modems to continue. This measure will also protect the IPv4 reputation system that is currently in use and working well."

Paul Wood, an anti-spam expert at Symantec.cloud (formerly MessageLabs), confirmed that other security firms are also considering whether to apply tougher controls on mail from IPv6 networks.   "It [IPv6] is definitely a real area of concern in the anti-spam community, and opinion varies on whether businesses should accept mail on IPv6 or not for this reason," Woods told El Reg. "I'm of the opinion that at least for the moment they shouldn't, unless the connections are from a trusted source."

Email is a two-way communication protocol (unlike web browsing), so legitimate IPv6 mail servers, outside of academia and testing environments, will need to support IPv4 for some years. "Relatively speaking, there are very few real mail servers in the world, so the starvation of IPv4 will not affect them much because there will for a very long time be a resale market in the IPv4 address space," Wood added.

Wood told El Reg that although the move to IPv6 is a bit of a headache for spam-filtering, it might also make life harder for hackers hoping to take advantage of open relays to distribute spam or mount other types of security attacks.

"While the arrival of IPv6 is likely to eliminate the usefulness of traditional IP-based blacklists, it is also likely to reduce the issues that arise from port-scanning of open relays and other vulnerabilities," Wood explained. "The IPv6 address space is so large it wouldn't be scalable from the bad-guys perspective – the returns will diminish over time." ®

* Although the last big blocks of IPv4 address space were allocated last month, there is plenty of assigned but unused space, estimated to be as high as 50 per cent by some experts. That means the resale market for IPv4 addresses is likely to last several years, at minimum.

Mobile application security vulnerability report

More from The Register

next story
NEW, SINISTER web tracking tech fingerprints your computer by making it draw
Have you been on YouPorn lately, perhaps? White House website?
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Black Hat anti-Tor talk smashed by lawyers' wrecking ball
Unmasking hidden users is too hot for Carnegie-Mellon
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
NUDE SNAPS AGENCY: NSA bods love 'showing off your saucy selfies'
Swapping other people's sexts is a fringe benefit, says Snowden
Own a Cisco modem or wireless gateway? It might be owned by someone else, too
Remote code exec in HTTP server hands kit to bad guys
prev story

Whitepapers

Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.